As we've already told every object has its right of access: "read", "write" and "master". They are set by files with corresponding extensions.
These rights could be transmitted to some virtual object "1". It must be described in "rejump_df.conf" as "$ANONYMS=1". Otherwise these rights could be transmitted to some "data-object", for example "data-user-22--man".
At that file "1.read" contents looks like this "@1" or "@data-user-22--man" accordingly. In first case all users have right to reading. In second case - only user registered in system as
"data-user-22--man".

Input password is compared with the object <&<&i.user>:password?Value>.

Object "$i.user" must point to object with password using link "password". In elemental case folder "22--man" includes file "0.password", which contains password.

User's authorization is valid during one session of work with browser. To become an anonymous user again you should call script with "logout()" (without parameters) operation.

You always could know who is your current user using variable "$GEN_USER". The informaton about user would be transmitted there similarly to "$1" and "$SKIP". Expression <&GEN_USER> returns that value. If you are not login yet "$GEN_USER" returns "1" (anonymous object is described in variable "$ANONYMS").

You can use the object you got from "$GEN_USER" for all your further calculations. It is easy-to-use to write <IF $GEN_USER=1 number_marker> and get if user is authorized or it's anonymous user ($ANONYMS=1).

Using construction <IF $GEN_USER=data-user-22--man 1> you can check up if user is authorized as "data-user-22--man".

Write <&GEN_USER:password?Value> and get user's password (if you have corresponding authorities).